On 11/09/14 01:10, Johannsb wrote:
> I have two Enterasys switches and four computers as below:
>
> switch 1 - Enterasys B3 with:
>
> Computer A in port ge.1.1
> Computer B in port ge.1.2
>
> switch 2 - Enterasys B3 with:
>
> Computer C in port ge.1.1
> Computer D in port ge.1.2
>
> The two switches are linked by port ge.1.48.
> All computers are in the same network 10.0.0.X/255.255.255.0.
>
> I need this result:
> Among Computer A, B and D: communication is permitted
> Between Computer A and C: communication is permitted too
> But among Computer B, C and D: no communication is permitted
>
> In other words:
> If in machine A I type "ping 10.0.0.A" or "ping 10.0.0.B" or "ping 10.0.0.D"
> or "ping 10.0.0.C", the result must be an answer
> If in machine A or B or D, I type "ping 10.0.0.C", the result must be no
> answer
> If in machine C I type "ping 10.0.0.A", the result must be an answer
> If in machine C I type "ping 10.0.0.B" or "ping 10.0.0.D", the result must
> be no answer
>
> The question:
> I tried to create a VLAN for machines A, B and D and another for C, but the
> result isn't the above.
> What do I have to type in each switch to reach the objective successfully?

If it was just on one switch, you might be able to use protected ports; however, it doesn't work across multiple switches:

"Ports that are configured to be protected cannot forward traffic to other protected ports in the same group, regardless of having the same VLAN membership. However, protected ports can forward traffic to ports which are unprotected (not listed in any group). Protected ports can also forward traffic to protected ports in a different group, if they are in the same VLAN. Unprotected ports can forward traffic to both protected and unprotected ports. A port may belong to only one group of protected ports. This feature only applies to ports within a switch or a stack. It does not apply across multiple switches in a network."

Because of this, policy is probably your best bet; however, buying policy licenses for B3s is quite hard these days. You could maybe also experiment with having multiple untagged egress VLANs, but that's probably not going to work without policy anyway.

-- 
James Andrewartha
Network & Projects Engineer
Christ Church Grammar School
Claremont, Western Australia
Ph. (08) 9442 1757
Mob. 0424 160 877
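
The protected-port rules quoted in the reply, modeled as a per-switch forwarding decision to show why the isolation disappears once two hosts sit on different switches. This is an added example, not part of the original thread or of any Enterasys tooling; the `Port` class, the function names, the extra port ge.1.3, the group numbers and the single shared VLAN are constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional

UPLINK = "ge.1.48"  # inter-switch link named in the question

@dataclass(frozen=True)
class Port:
    switch: str
    name: str
    vlan: int = 1                 # constructed: every port in one VLAN
    group: Optional[int] = None   # protected-port group; None = unprotected

def local_forward(src: Port, dst: Port) -> bool:
    """Decision between two ports of the SAME switch or stack."""
    assert src.switch == dst.switch
    if src.vlan != dst.vlan:      # assumption: no forwarding between VLANs
        return False
    # The only blocking rule in the quoted text:
    # both ports protected and members of the same group.
    return not (src.group is not None and src.group == dst.group)

def can_reach(src: Port, dst: Port, uplink_group: Optional[int] = None) -> bool:
    """One direction, src to dst, over at most two switches joined by UPLINK."""
    if src.switch == dst.switch:
        return local_forward(src, dst)
    # Each switch only sees its own uplink port, never the remote host port.
    out_port = Port(src.switch, UPLINK, src.vlan, uplink_group)
    in_port = Port(dst.switch, UPLINK, dst.vlan, uplink_group)
    return local_forward(src, out_port) and local_forward(in_port, dst)

def demo() -> dict:
    a = Port("sw1", "ge.1.1")                  # unprotected
    b = Port("sw1", "ge.1.2", group=1)
    c_local = Port("sw1", "ge.1.3", group=1)   # constructed: C on the same switch
    c_remote = Port("sw2", "ge.1.1", group=1)  # C where the question puts it
    return {
        "one switch B->C": can_reach(b, c_local),
        "one switch A->B": can_reach(a, b),
        "two switches B->C": can_reach(b, c_remote),
        "two switches B->C, uplinks in group 1": can_reach(b, c_remote, 1),
        "two switches A->C, uplinks in group 1": can_reach(a, c_remote, 1),
    }

if __name__ == "__main__":
    for case, allowed in demo().items():
        print(f"{case}: {'forwarded' if allowed else 'blocked'}")
```

In this model, putting the uplinks into the same protected group does block B to C, but it also blocks A to C, which the question requires to work.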
